Re: Calling David Copeland regarding .local convention

From: Gordon Fecyk (gordonf_at_pan-am.ca)
Date: 05/28/04


Date: Thu, 27 May 2004 20:37:16 -0500


> The in house admin wants to set up an intranet
> site but has problems resolving the name through DNS (Give me a little
> leeway here: consider the admin is relatively inexperienced [a fresh MCSE]).

Don't they teach firewalls in MCSE courses? :-)

> They
> make some changes to DNS and the firewall while
> trying to get their intranet
> site to resolve in a timely manner.

...while forgetting the bottleneck could be in IIS instead, or (if a secure
intranet site) forgetting to install the company CA certificate on the
client machine... don't they teach this in MCSE school too?

I guess I'm trying to say that inexperience isn't an excuse for reading and
testing and asking questions. I learn new stuff all the time but I try to
learn from other peoples' mistakes first. And I test. And I test, and I
test, and I test.

> They fail to consider the broader picture and have
> made a "few extra clicks"
> in their trial and error approach to administration.

He's going to learn the hard way, or hopefully hire a new consultant. And,
the first consultant should've been nailed for not documenting their work.

Some have even argued that Windows and its designers encourage
trial-and-error administration to the point of negligence. But this will
digress into a Windows/Linux flamewar (or a Linux/Windows flamewar from a
Linux admin's viewpoint) so I'll stop. :-)

> My questions are:
> 1) How do you feel about their security now?

How do I feel? If I was told this by the client (the internal admin) I'd no
doubt have questions, and then point out why what they've done is a Bad
Idea, and I'd be frustrated. But it's their equipment, and that's hard to
remember sometimes.

If the previous consultant had any smarts he'd have documented everything
for their client, and hopefully the client would be smart enough to read
what they've paid for first.

> 2) Who do you think the internal admin is going to blame three months
> later when they get hacked?

People can get threatened with lawsuits at this point. If I were the first
consultant and I was blamed for "client error," I'd hope I'd have a chance
to fix it and then explain what really happened. Barring that, I'd have the
documentation I wrote demonstrating that I'm not an idiot. The lawyers can
take over from there.

People have a tendency to blame others before blaming themselves - that's
just natural. So for sure, this admin is probably going to blame their last
consultant. That's where the documentation helps.

Besides, whether someone gets hacked or 0wnzd or not, has little bearing on
what name space their internal AD domain uses, because "h4x0rz" do stuff by
IP addresses. I think this leads to the answer to this:

> 3) What is the difference between the situation if they have
> .com?
> .local?
> .lan?
> .otl?

...which is "none," because the name space is irrelevant to "k1dd13z"
looking for network addresses. It has relevance to internal access to
external Internet sites if you mess with an existing name space without
registering a name in it, but that's another problem.

I walk the walk, by the way. Besides, I get paid to write documentation as
well as work on the systems. It's in a good consultant's best interest to
leave a paper trail for their own reference, as well as for the client, the
other consultants, and the lawyers.

-- 
PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@pan-am.ca.asc>
What's a PGP Key?  See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>

